Sometimes it is necessary to implement an SSO environment across different WebSphere cells (e.g. a production cell and an acceptance cell). To do this, both cells need the same LTPA keys.
The LTPA keys can be synchronized through the admin console.
1. To export the LTPA keys from a cell, navigate to
Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.
2. Fill out the import/export form at the bottom of the page and click "Export keys". The LTPA keys will be exported to the specified directory. (The keys will be password protected.)
3. Copy the exported ltpa.jceks file to the other cell (do not overwrite the ltpa.jceks of that cell).
4. Take a look at the ltpa.jceks file of this cell and note its file size.
The file is located in /"websphere"/"dmgr"/config/cells/"cellname"/ltpa.jceks
5. To import the LTPA keys into the other cell, navigate to
Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.
6. Fill out the "Cross-cell single sign-on" form and click "Import keys".
7. The file size of this cell's ltpa.jceks file should now have increased.
Sometimes the file size of the ltpa.jceks file does not change and cross-cell SSO will not work (WAS bug).
In this case, just repeat the import.
8. Restart servers/node
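
The file-size check in steps 4 and 7 can be scripted so that a silently failed import is caught before the restart. This is an added example, not part of the original procedure or of WebSphere; the function names and the state file are hypothetical, and the keystore path is the placeholder path from step 4.

```shell
#!/bin/sh
# Added example: confirm that an LTPA key import changed ltpa.jceks.
# Function names and the state-file format are hypothetical, not WebSphere's.
# Usage (placeholder path as in step 4):
#   ltpa_snapshot /<websphere>/<dmgr>/config/cells/<cellname>/ltpa.jceks /tmp/ltpa.state
#   ... run the import in the admin console ...
#   ltpa_verify   /<websphere>/<dmgr>/config/cells/<cellname>/ltpa.jceks /tmp/ltpa.state

# Print "<size-in-bytes> <cksum-crc>" for a keystore file.
ltpa_fingerprint() {
    [ -r "$1" ] || return 2
    size=$(wc -c < "$1" | tr -d ' ')
    crc=$(cksum < "$1" | cut -d' ' -f1)
    printf '%s %s\n' "$size" "$crc"
}

# Step 4: record the fingerprint before the import.
ltpa_snapshot() {
    ltpa_fingerprint "$1" > "$2"
}

# Step 7: compare the current file against the recorded fingerprint.
# Returns 0 if the file grew (import applied), 1 if it is unchanged
# (repeat the import), 2 if the file or state is missing, and
# 3 if it changed without growing (unexpected, investigate).
ltpa_verify() {
    [ -r "$2" ] || return 2
    read -r old_size old_crc < "$2" || return 2
    now=$(ltpa_fingerprint "$1") || return 2
    new_size=${now%% *}
    new_crc=${now##* }
    if [ "$new_size" -gt "$old_size" ]; then
        echo "ltpa.jceks grew from $old_size to $new_size bytes: import applied"
        return 0
    elif [ "$new_size" -eq "$old_size" ] && [ "$new_crc" = "$old_crc" ]; then
        echo "ltpa.jceks unchanged: repeat the import"
        return 1
    fi
    echo "ltpa.jceks changed but did not grow ($old_size -> $new_size bytes)"
    return 3
}
```

Return code 1 corresponds to the case described under step 7, where the import has to be repeated.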